26 matches found
EUVD-2025-209201
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...
CVE-2025-7024
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...
Airbus AIRBUS PSS TETRA Connectivity Server security vulnerability
Airbus AIRBUS PSS TETRA Connectivity Server is a communication software developed by Airbus. Version 7.0 of Airbus AIRBUS PSS TETRA Connectivity Server contains a security vulnerability. This vulnerability stems from improper default permission settings, which may lead to unauthorized access and...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.0.0 <=6.1.7), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (>=6.0.0 <=6.1.0) +3 more potentially affected by unknown CVE via org.graylog2:graylog2-server (>=6.0.0 <=6.1.8)
org.graylog2:graylog2-server MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.1.16 Source cves: unknown CVE Source advisory: SNYK:JAVA-ORGGRAYLOG2-10121303...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.1.0 <=6.1.7), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=6.1.0) +3 more potentially affected by CVE-2025-30373 via org.graylog2:graylog2-server (>=6.1.0 <=6.1.8)
org.graylog2:graylog2-server MAVEN version =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.16 Source cves: CVE-2025-30373 Source advisory: SNYK:JAVA-ORGGRAYLOG2-9668945...
Airbus Navblue Flysmart LPC-NG issues
LPC-NG, or Less Paper Cockpit - Next Generation, is an electronic flight bag (EFB) application offered by Navblue, a part of Airbus. It's used for calculating engine thrust requirements (perf) on takeoff and braking action on landing, among many features that help make flight safer and more efficient...
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and...
Hackers Uncover Airbus EFB App Vulnerability, Risking Aircraft Data
By Deeba Ahmed. In this instance, the hackers were white hat; otherwise, things could have gone awry. This is a post from HackRead.com. Read the original post: Hackers Uncover Airbus EFB App Vulnerability, Risking Aircraft Data...
Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager
We’ve been testing the security of a number of different electronic flight bag, or EFB, applications for a few years now. Here’s the latest on that now it has been remediated, 19 months after our initial disclosure to Airbus. TL;DR Flysmart+ is a suite of apps for pilot EFBs, helping deliver...
FBI Hacker Dropped Stolen Airbus Data on 9/11
In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle "USDoD" had infiltrated the FBI's vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing t...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.0.0) +12 more potentially affected by CVE-2023-41041 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=5.0.8)
org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2023-41041 Source advisory: OSV:GHSA-3FQM-FRHG-7C85...
w3.airbus.com Cross Site Scripting vulnerability OBB-3213668
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-5V8V-GWMW-QW97 org.neo4j.procedure:apoc Path Traversal Vulnerability
Impact: A Path Traversal Vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the...
Lazarus Targets Job-Seeking Engineers with Malicious Documents
The notorious Lazarus advanced persistent threat (APT) group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates. Researchers have been tracking Lazarus activity for...
Airbus Data Takes Flight; and Billions of Credentials Dumped on Dark Web
French airplane and military aircraft behemoth Airbus SE has become the latest victim of a cyberattack leading to a data breach, with an incident detected on its “commercial aircraft business” information systems. It is only the latest high-profile data exposure to come to light in recent days, a...
Airbus Suffers Data Breach, Some Employees' Data Exposed
European airplane maker Airbus admitted yesterday a data breach of its "Commercial Aircraft business" information systems that allowed intruders to gain access to some of its employees' personal information. Though the company did not elaborate on the nature of the hack, it claimed that the...
airbusbank.com XSS vulnerability
Open Bug Bounty ID: OBB-706008

Description| Value
---|---
Affected Website:| airbusbank.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| hidden...
helicopters.airbus.com XSS vulnerability
Open Bug Bounty ID: OBB-452763

Description| Value
---|---
Affected Website:| helicopters.airbus.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
airbushelicopters.co.za XSS vulnerability
Open Bug Bounty ID: OBB-410480

Description| Value
---|---
Affected Website:| airbushelicopters.co.za
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention...